also, fyi, the sample file files/whiteorg.txt doesn't have $ to force it only to match the line ending, which I believe is what I used to come up with my incorrect assumption. Putting in at least 1 example in that file with a $ might help others not make the same mistake that I have. My money's on well more than half of the admins using ASSP haven't made the same mistake.
In the sample file, everything starts with \b, clearly telling us that it needs to be the start of a word, but no lines end with $ or even \b For example: \bbank of america When I see that, I think "we have the \b so that some scammer can't get senderbase to have their network as 'BADbank of america' and get through our filters." That's logical, but I also assumed that because there isn't a trailing \b (or actually $) that it's going to the end of the line. Why would someone put a \b at the beginning, but not care about "bank of americascammer network" also being a match? Maybe edit the sample whiteorg or put a note at the top to help others? On Thu, Apr 29, 2021 at 10:05 AM K Post <nntp.p...@gmail.com> wrote: > My assumption was wrong for as long as senderbase has been in ASSP then! > I'll be adding the $ end of line requirement to everything in senderbase > shortly. > > Is this also also true of dkimAddresses and dkimNPAddresses? > > On Mon, Apr 26, 2021 at 2:50 AM Thomas Eckardt <thomas.ecka...@thockar.com> > wrote: > >> >I (maybe incorrectly) assumed that the *word boundary* was *automatically >> added* on the end. >> >> Hmm.... what is causing this assumtion reading the description of >> whiteSenderBase? >> >> *Whitelisted Organizations, Domains and Hosts in SenderBase** >> (whiteSenderBase)* >> If the organization, domain or hostname in the SenderBase IP description >> matches this Perl regular expression, the message will be considered >> non-spam. For example file:files/whiteorg.txt >> NOTICE: If only the hostname matches an entry and DoOrgWhiting is set to >> "whiting", the domain+organization pair will not be added to the white >> organizations! >> >> >> walmart.com.mx >> >> \bwalmart\.com - match >> \bwalmart\.com\b - match >> \bwalmart\.com$ - no match >> >> Thomas >> >> >> >> >> >> >> Von: "K Post" <nntp.p...@gmail.com> >> An: "ASSP development mailing list" < >> assp-test@lists.sourceforge.net> >> Datum: 25.04.2021 12:25 >> Betreff: [Assp-test] Senderbase Matching Substring >> ------------------------------ >> >> >> >> For a long time, I've had >> \bwalmart\.com >> in my whiteSenderBase configuration. Some of our staff shops at walmart >> and anything from Walmart's ip space should be considered white. All good >> there. >> >> However, I had a bunch of spam slip through because of this overnight. >> When I did an alayze, I saw: >> 129.41.173.75 SenderBase: status=white SenderBase, data=[CN=US, >> ORG=ACOUSTIC-ATL-01, DOM=*walmart.com* <http://walmart.com/>*.mx*, BLS=, >> HNM=Y, CIDR=23, HN=*mail9320.hayhouse.mkt9919.com* >> <http://mail9320.hayhouse.mkt9919.com/>] >> >> WhiteDomain Regex: whiteSenderBaseRE '*walmart.com* <http://walmart.com/> >> ' >> [scoring] SenderBase -- White Domain '*walmart.com* <http://walmart.com/> >> ' >> It's matching *walmart.com* <http://walmart.com/>*.MX* >> >> I've never put a \b at the end of config lines in whiteSenderBase, I >> (maybe incorrectly) assumed that the word boundary was automatically added >> on the end. >> >> Is the \b on the end necessary, if I don't want to match *walmart.com.mx* >> <http://walmart.com.mx/> and only want to match *walmart.com* >> <http://walmart.com/>? Is there another way, coding error, config >> mistake, etc? >> >> Thanks!_______________________________________________ >> Assp-test mailing list >> Assp-test@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/assp-test >> >> >> >> >> DISCLAIMER: >> ******************************************************* >> This email and any files transmitted with it may be confidential, legally >> privileged and protected in law and are intended solely for the use of the >> individual to whom it is addressed. >> This email was multiple times scanned for viruses. There should be no >> known virus in this email! >> ******************************************************* >> >> _______________________________________________ >> Assp-test mailing list >> Assp-test@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/assp-test >> >
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
